If I am using integrated authentication in IIS, how can I determine whether the current user is part of a specific Active Directory role, using ColdFusion?

This would be analogous to using the IsInRole() method of the User object in .NET - how can it be done in ColdFusion?

+1  A: 

In ColdFusion, to check a user's role you would use IsUserInRole()

http://cfquickdocs.com/#IsUserInRole

Edit - And actually I hope I understood correctly; I don't know anything about IIS or Active Directory. As I understood the question, you wanted to check a user's role in ColdFusion.

I think you may be looking for something more like this: http://vincentcollins.com/2008/08/20/active-directory-ldap-authentication/ or this: http://coldfusion.sys-con.com/node/154225

jyoseph
+5  A: 

The only way to do this is to use cfldap and query the Active Directory server to get a list of groups. After you've gotten the list, you will need to parse it to see if that user belongs to the group in question. Below is some code I wrote with some comments for the people at work. Values have been changed to protect the innocent.

<!--- getting the user login id: IIS integrated auth puts DOMAIN\user in CGI.AUTH_USER, so keep only the part after the backslash --->
<cfset variables.thisuser = ListLast(cgi.AUTH_USER, "\")>
<!--- this is the group they must be a member of. The trailing comma anchors the match to the end of the CN,
      so "CN=Sales," no longer matches the unrelated group "CN=SalesAdmins,OU=..." as a plain substring search would --->
<cfset variables.groupname = "CN=<the group to search for>,">
<!--- list of all groups that the user belongs to, will be populated later (stays empty if the lookup fails, so access is denied) --->
<cfset variables.grouplist = "">

<cftry>
    <cfldap action="query"
     name="myldap"
     attributes="memberOf"
     start="OU=<your ou>,DC=<your dc>,DC=<your dc>"
     scope="subtree"
     filter="(sAMAccountName=#variables.thisuser#)"
     server="<your AD server ip>"
     port="<your AD server port>"
     username="<network login if required>"
     password="<network password if required>">

    <!--- memberOf is multi-valued; cfldap returns the group DNs as one delimited string --->
    <cfset variables.grouplist = myldap.memberOf>

    <cfcatch>
        <!--- server unreachable, user not found or bad credentials: grouplist stays empty.
              Log cfcatch.message here rather than silently swallowing the error --->
    </cfcatch>
</cftry>

<cfif FindNoCase(variables.groupname, variables.grouplist)>

    <cfcookie name="SecurityCookieName" value="">

</cfif>
rip747
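The parsing step the answer above describes (the memberOf list comes back as group DNs, and a plain substring search on "CN=name" also hits groups whose name merely starts with it) can be checked offline. The following is an added example, not the answerer's code: it compares the group's CN exactly against the leading RDN of each DN, handles backslash-escaped commas inside a CN, and contrasts that with the substring check. The memberOf values are constructed sample data.

```python
import re
from typing import Iterable, Optional

# Constructed sample: the memberOf values AD would return for one user.
SAMPLE_MEMBER_OF = [
    "CN=Sales,OU=Groups,DC=example,DC=com",
    "CN=SalesAdmins,OU=Groups,DC=example,DC=com",
    "CN=Smith\\, John Team,OU=Groups,DC=example,DC=com",  # escaped comma in the CN
]


def login_name(auth_user: str) -> str:
    """Mirror ListLast(cgi.AUTH_USER, "\\"): drop the DOMAIN\\ prefix."""
    return auth_user.rsplit("\\", 1)[-1]


def first_rdn_value(dn: str, attr: str = "CN") -> Optional[str]:
    """Value of the leading RDN if it uses the requested attribute, else None.

    A backslash escapes the following character (RFC 4514), so an escaped
    comma inside the value does not end the RDN.
    """
    m = re.match(rf"\s*{attr}=((?:\\.|[^,])*)", dn, re.IGNORECASE)
    if not m:
        return None
    return re.sub(r"\\(.)", r"\1", m.group(1)).strip()


def is_member(member_of: Iterable[str], group_cn: str) -> bool:
    """Exact, case-insensitive match on the group CN (AD names are case-insensitive)."""
    want = group_cn.strip().lower()
    return any((first_rdn_value(dn) or "").lower() == want for dn in member_of)


def naive_substring_match(member_of: Iterable[str], group_cn: str) -> bool:
    """The FindNoCase-style check from the answer, shown for comparison only."""
    return f"cn={group_cn}".lower() in ";".join(member_of).lower()
```

Running the assertions below shows that the substring check grants "Sale" (a prefix of both group names) while the exact RDN comparison does not.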
+1  A: 

Just as a follow-up, SQL Server has ADSI providers that allow you to create a linked server to your LDAP servers.

From there you can do LDAP queries against your AD and it returns like any other record set.

I find it a little easier to do complex LDAP queries that way than via CF.


Byron70